rfc: Support for stronger ssh key exchange

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

With openssh 6.5 the support for Ed25519 as public key type was added.

gitlab.com supports private/public key exchange with this elliptic curve released by Daniel J. Bernstein. I would really like to extend the existing "generate ssh key" manual/documentation site with:

ssh-keygen -t ed25519 -C "name@domain.com" -f gitlab

In this article about "securing the secure shell" I adopted one possible config entry for the ssh config (normally located in ~/.ssh/config):

Host gitlab.com
HostName 104.210.2.228
AddressFamily inet
KexAlgorithms curve25519-sha256@libssh.org
HostKeyAlgorithms ssh-ed25519
Ciphers chacha20-poly1305@openssh.com
IdentityFile ~/.ssh/gitlab
User git

This example is based on the gitlab.com credentials.

So do you think it is worth to have these kind of suggestions shown on the offical help/ssh/README guide?

Edited Jun 11, 2025 by 🤖 GitLab Bot 🤖